asp.net cookies, authentication and session timeouts

Question

I have an asp.net website that uses forms authentication. There are a few things I keep in sessions like username, userID, email, etc.

I allow the user to stay logge

Answer 1

Without actually trying anything myself, there are a few things I'd check out.

• Use a method/overload of the FormsAuthentication class that allows you to set a persistent cookie. Though, IMHO it is common courtesy to allow your users to choose to check a "remember me" box rather than force them to be persistently logged in. There are a number of methods that allow you to do this based on what behavior you want - SetAuthenticationCookie() and RedirectFromLoginPage() are the first ones that come to mind.

• Check out FormsAuthentication.GetAuthenticationCookie(). This will generate an HTTP cookie with the authentication token, but not actually set it, which should allow you to change what you want - though if the FormsAuthentication module is looking for a specific value, messing with it might break authentication. You'll then have to add the cookie to the cookies collection in the response manually.